Raspomh
Posts: 106
Joined: Sat Jul 30, 2016 7:59 pm

Can't connect to rpi on home network

Tue Aug 09, 2016 7:08 pm

Hello
I have a project to open my garage door with my rpi. I communicate to the rpi using Tasker SSH plugin. Everything works fine until I connect to home wifi. I've successfully set up No-ip DNS and have my port forwarded correctly. If I'm connected to my work wifi everything is fine.

Thanks

drgeoff
Posts: 9901
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't connect to rpi on home network

Tue Aug 09, 2016 10:11 pm

Not enough information for anyone to even guess what the problem is and how to fix it.

Raspomh
Posts: 106
Joined: Sat Jul 30, 2016 7:59 pm

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 12:02 am

I'd be happy to provide more info I thought I covered my issues

SonOfAMotherlessGoat
Posts: 690
Joined: Tue Jun 16, 2015 6:01 am

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 12:23 am

What kind of WiFI AP are you using at home? When you connect at home, are you still using the DDNS name and therefore public IP address? Is the home AP set up to correctly hairpin forward the requests? Can you change your setup so that you use the local private IP address at home and test to see if that functions correctly?
Account Inactive

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 12:33 am

Raspomh wrote:I'd be happy to provide more info I thought I covered my issues
You've not described your setup, or what you are trying to connect with. Googling a bit revealed that you are connect to the Pi via a mobile phone. This scenario works:

Code: Select all

phone <-> work wifi <-> internet <-> your router <-> Pi
This scenario doesn't:

Code: Select all

phone <-> your router [<-> internet <-> your router] <-> Pi
Is your Pi connected by wifi as well? If it is then some routers can't do:

Code: Select all

deviceA <-wifi-> router <-wifi-> deviceB
Can you connect to the pi with your phone at home using its local network address rather than the no-ip hostname?

Raspomh
Posts: 106
Joined: Sat Jul 30, 2016 7:59 pm

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 12:57 am

Let's take my phone out of the equation for now ..

How I can connect to rpi from a home network PC

If I open putty on my home network PC under SSH chose x-11 .. goto session enter my pi ip address click open. Terminal opens and log into rpi.

If I try to log into my rpi using this same procedure using DNS when Terminal opens its a black screen it does not state "login as"

My rpi is connected via Eithernet

(how I find the ip address of my pi .. use an app from Google play store "Fing")

Raspomh
Posts: 106
Joined: Sat Jul 30, 2016 7:59 pm

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 1:02 am

Can you connect to the pi with your phone at home using its local network address rather than the no-ip hostname?

Yes

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 2:24 am

Raspomh wrote:(how I find the ip address of my pi .. use an app from Google play store "Fing")
You don't need fing anymore as the Pi has avahi running - any Apple or PC with iTunes (or PC with 'bonjour' / Apple print services) will find it with just .local appended to the hostname:

Code: Select all

pi@bootserver:~ $ ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:xx:xx:xx:xx
          inet addr:192.168.0.45  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:fefe:caa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:136 errors:0 dropped:0 overruns:0 frame:0
          TX packets:117 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11927 (11.6 KiB)  TX bytes:18015 (17.5 KiB)

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\me>ping bootserver.local

Pinging bootserver.local [192.168.0.45] with 32 bytes of data:
Reply from 192.168.0.45: bytes=32 time<1ms TTL=64
Reply from 192.168.0.45: bytes=32 time<1ms TTL=64
Reply from 192.168.0.45: bytes=32 time<1ms TTL=64
Reply from 192.168.0.45: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.0.45:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\me>"C:\Program Files (x86)\PuTTY\putty.exe" bootserver.local
<putty login pops up>
login as: pi
pi@bootserver.local's password:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Aug 10 01:59:16 2016 from 192.168.0.121
pi@bootserver:~ $ 
Raspomh wrote:How I can connect to rpi from a home network PC

If I open putty on my home network PC under SSH chose x-11 .. goto session enter my pi ip address click open. Terminal opens and log into rpi.

If I try to log into my rpi using this same procedure using DNS when Terminal opens its a black screen it does not state "login as"

My rpi is connected via Eithernet
Sounds like the router can't (or isn't configured to) handle the [...] process in:

Code: Select all

device <-> your router [<-> internet <-> your router] <-> Pi

Raspomh
Posts: 106
Joined: Sat Jul 30, 2016 7:59 pm

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 2:34 am

Sounds like the router can't (or isn't configured to) handle the [...] process

When I log into my ISP router I looked under advanced for DNS I did not see anything to configure am I looking in the correct place?

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Can't connect to rpi on home network

Wed Aug 10, 2016 2:52 am

Raspomh wrote:Sounds like the router can't (or isn't configured to) handle the [...] process

When I log into my ISP router I looked under advanced for DNS I did not see anything to configure am I looking in the correct place?
We'd need to know the make / model of your router...


asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Can't connect to rpi on home network

Thu Aug 11, 2016 10:58 pm

Raspomh wrote:Cisco
Well, that narrows it down a bit..Any model number perhaps?

Raspomh
Posts: 106
Joined: Sat Jul 30, 2016 7:59 pm

Re: Can't connect to rpi on home network

Fri Aug 12, 2016 12:06 pm

Sorry

Model#
DPC3941T

Device type
XB3

skspurling
Posts: 194
Joined: Fri Jul 27, 2012 1:44 pm
Location: US. Right in the middle...

Re: Can't connect to rpi on home network

Fri Aug 12, 2016 12:32 pm

Raspomh wrote:Let's take my phone out of the equation for now ..

How I can connect to rpi from a home network PC

If I open putty on my home network PC under SSH chose x-11 .. goto session enter my pi ip address click open. Terminal opens and log into rpi.

If I try to log into my rpi using this same procedure using DNS when Terminal opens its a black screen it does not state "login as"

My rpi is connected via Eithernet

(how I find the ip address of my pi .. use an app from Google play store "Fing")
Oh, right up my alley. There's your problem. You can't hairpin to the public IP of your router. The NO-IP is a DNS entry for the outside of your router. If the phone is connected to your wifi, it won't work, because you need an "INSIDE" IP associated with the Pi for it to connect with.

The problem is NAT, the translation between public external IP addressing and internal private IP addressing. You can't connect from the inside of your network to the inside of your network through the outside of your network. Normally an enterprise organization that has issues with this will run two DNS servers, or a DNS server with two views. It's smart enough to know if you are coming from the inside of the network or outside, and will return the right IP for which side of the NAT you are on.

The solution is to use your router for DNS inside your network, and put an entry in the DNS server with the inside address and same name as you would use outside of your network. Your router will then proxy the DNS lookups, and when the DNS lookup for your Pi is requested, it will return your inside/private IP address.

User avatar
nl3prc
Posts: 160
Joined: Sun Jul 24, 2016 12:39 pm
Location: Den Helder the netherlands

Re: Can't connect to rpi on home network

Sat Aug 13, 2016 2:00 pm

Is a port forwarding to the pi lan ip not workable

skspurling
Posts: 194
Joined: Fri Jul 27, 2012 1:44 pm
Location: US. Right in the middle...

Re: Can't connect to rpi on home network

Sun Aug 14, 2016 4:14 am

nl3prc wrote:Is a port forwarding to the pi lan ip not workable
From his description, it's working just fine. This is a common issue for enterprise level networks that run NAT and host their own services. He wants to use the same hostname to access something inside his network as he does outside his network. The public DNS points to his public IP with the working port forwarding. Inside, you can't hairpin from your local network through the port forward to your inside network, which is what public DNS is telling it to do. That doesn't work. What you have to do to fix that is make the address learned through DNS contingent on where you are.

This is a good place to implement a Pi. Make a Pi router with an integrated DNS proxy, or set your local DNS to use a Pi DNS server. Load BIND on it, and configure a local copy of that domain pointing to the local IP address.

skspurling
Posts: 194
Joined: Fri Jul 27, 2012 1:44 pm
Location: US. Right in the middle...

Re: Can't connect to rpi on home network

Mon Aug 15, 2016 12:36 pm

Okay, I looked up the router. It's a comcast cable head end router. Pretty nice and fast, but it's the vendors router, so they lock it down to limit support calls.

So, first, NAT is the system that translates your internal private IP addresses to a public IP and port number on the outside of your router. The reason you are restricted in using your outside IP address is that the issue of doing a two way translation to hairpin through the router is very weird and hardly ever makes sense. If you were inside your network, why would you leave the network to talk to another device on your network?

So, you need to have an internal router with DNS built in, or something, that can give out a DNS server that can tell your inside devices to go to your inside IP address, and answer every thing else.

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Can't connect to rpi on home network

Tue Aug 16, 2016 1:37 am

skspurling wrote: So, first, NAT is the system that translates your internal private IP addresses to a public IP and port number on the outside of your router. The reason you are restricted in using your outside IP address is that the issue of doing a two way translation to hairpin through the router is very weird and hardly ever makes sense. If you were inside your network, why would you leave the network to talk to another device on your network?

So, you need to have an internal router with DNS built in, or something, that can give out a DNS server that can tell your inside devices to go to your inside IP address, and answer every thing else.
I can access my website both internally and externally with the same no-ip redirected URL (to a pi web server).

drgeoff
Posts: 9901
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't connect to rpi on home network

Tue Aug 16, 2016 9:26 am

asandford wrote:
skspurling wrote: So, first, NAT is the system that translates your internal private IP addresses to a public IP and port number on the outside of your router. The reason you are restricted in using your outside IP address is that the issue of doing a two way translation to hairpin through the router is very weird and hardly ever makes sense. If you were inside your network, why would you leave the network to talk to another device on your network?

So, you need to have an internal router with DNS built in, or something, that can give out a DNS server that can tell your inside devices to go to your inside IP address, and answer every thing else.
I can access my website both internally and externally with the same no-ip redirected URL (to a pi web server).
Some routers can do that, others cannot.

skspurling
Posts: 194
Joined: Fri Jul 27, 2012 1:44 pm
Location: US. Right in the middle...

Re: Can't connect to rpi on home network

Tue Aug 16, 2016 1:04 pm

drgeoff wrote:
asandford wrote: I can access my website both internally and externally with the same no-ip redirected URL (to a pi web server).
Some routers can do that, others cannot.
I could be wrong, but I think that is based on DHCP and how the router and host are configured. Try doing a nslookup from a computer on your home network for your web servers name. You just go to the command prompt and type "nslookup what.everyourwebserveris.blah". It should return the name and IP of the DNS server that returned the results and the name and IP that was returned for that lookup.

From what I vaguely rememeber, DHCP can create local host entries in some residential gateways, so you have some auto-magically created DNS names inside your network for internal hosts. You need to change the dhclient.conf hostname to the no-ip hostname. Then you would reboot the Pi. As soon as it registers with DHCP, that hostname would be in the local DNS forwarder. Thing is, this requires some things behind the scenes to be working correctly. You can try that and see if it works...

drgeoff
Posts: 9901
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't connect to rpi on home network

Tue Aug 16, 2016 5:30 pm

Whether the router can do it or not is a function of the router, usually determined by the firmware.

'Router hairpinning' or 'NAT loopback'. http://opensimulator.org/wiki/NAT_Loopback_Routers

See the first two posts at https://community.bt.com/t5/Connected-D ... d-p/863542 and https://community.bt.com/t5/ADSL-Copper ... d-p/689586 for an example of a router where a firmware update enabled this function.

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Can't connect to rpi on home network

Tue Aug 16, 2016 11:05 pm

drgeoff wrote: Some routers can do that, others cannot.
FWIW, the router is a Draytek Vigor2820Vn (it's quite old, has a number of issues, but on the whole is good), hooked up to a cable modem in bridged mode (only mode it has).

skspurling
Posts: 194
Joined: Fri Jul 27, 2012 1:44 pm
Location: US. Right in the middle...

Re: Can't connect to rpi on home network

Fri Aug 19, 2016 8:29 pm

asandford wrote:
drgeoff wrote: Some routers can do that, others cannot.
FWIW, the router is a Draytek Vigor2820Vn (it's quite old, has a number of issues, but on the whole is good), hooked up to a cable modem in bridged mode (only mode it has).
I don't mess much with home routers, so this is the first I've seen of this. Seeing as how most US home internet providers want to charge extra so they can sell a static IP, and limit home based servers, I can't imagine this feature being high on their list for branded edge routers. I doubt that's something OP's router is going to be supporting. It looks like various higher end Linksys and WRT routers support it.

It's not going to be a security issue, or at least it shouldn't be, because NAT is not security. NAT is NAT, and your firewall should be your security. I could see something like that being a performance issue. Small routers don't have a lot of forwarding capacity, and when you hairpin the traffic, you are putting more traffic through it. Not a lot of impact for a home user with a web site, but if it's a NAS or something, you may see better performance if you leave the traffic local and don't run it through your router. There is also a bit more state that has to be kept and translated by the router in order to build and keep the transaction working. If you are interested in the details, the following link gives a slightly imperfect illustration of the problem in the first answer. http://security.stackexchange.com/quest ... ty-problem

So, back to the task at hand, which is how to get access inside and outside a NAT router. What disturbs me is the correct answer in the industry at large, is considered a stop gap for home users. I guess it's because the idea of running an internal DNS server on a home network is so strange. Regardless, I think any home user that has this issue would see a big performance increase if they just built a small internal DNS server that prevents the need for NAT loopback. Sometimes that can even be done on the router with very little impact anyway.

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Can't connect to rpi on home network

Fri Aug 19, 2016 11:58 pm

skspurling wrote:I don't mess much with home routers, so this is the first I've seen of this.
The draytek isn't a home router, more SoHo/SBS
skspurling wrote:Seeing as how most US home internet providers want to charge extra so they can sell a static IP, and limit home based servers, I can't imagine this feature being high on their list for branded edge routers. I doubt that's something OP's router is going to be supporting. It looks like various higher end Linksys and WRT routers support it.
I live in the UK, my cable IP address has only changed 3 times in the last 6 years.

skspurling
Posts: 194
Joined: Fri Jul 27, 2012 1:44 pm
Location: US. Right in the middle...

Re: Can't connect to rpi on home network

Sat Aug 20, 2016 1:24 am

asandford wrote:
skspurling wrote:I don't mess much with home routers, so this is the first I've seen of this.
The draytek isn't a home router, more SoHo/SBS
...
I live in the UK, my cable IP address has only changed 3 times in the last 6 years.
Yeah, I looked it up and noticed the price was only in GBP, which explains why I wasn't familiar with the brand. It looks alot like the higher end Netgear/Linksys or lower end Cisco devices. They are all pretty good for what they do. A lot of these kinds of devices are probably being used in the FTTH deployments, I imagine. Is WRT firmware available for it? It really increases the capabilities of these devices, and keeps them viable for many more years.

Sounds like DSL and Cable is a lot friendlier in England. There are practices in the US that are in place to discourage home servers and help ensure you buy a higher priced tier if you want to do so. There are a few technical reasons for the asymmetrical setup.

Return to “Beginners”